June and July 2020 Product Release
Future Changes to How We Report Some Network Security Findings
As we continually improve our scan engine and the ways we report findings, we also collaborate with customers who provide valuable feedback on how we report certain findings to ensure that we can provide the best possible information, tied to the highest accuracy we can achieve. We also want to ensure we remove all possible confusion from findings and how we find them.
Based on feedback from a large number of customers, we are working towards refactoring the way we report the port number for what we term Implied Vulnerabilities, where we may not be able to authenticate with the Operating System but can use other information gathered to make accurate assumptions.
For example, if we enumerated the version of Windows based on another service (HTTP, SNMP, etc.), we would, by default, report the finding as TCP 445, because that is how you would find it on Windows, or TCP 22 for Linux. The problem has been that this port may not be available, so we had the potential to cause some confusion if we reported findings on TCP 445 but that port was not seen in the port scan phase.
To overcome this confusion, we are changing this from reporting the assumed port number to instead read Generic.
We are working to ensure that this change has as little impact on your current workflows as possible, and that Accepted Risks and False Positives continue across this change. Further updates will be provided during the completion of this change.
Update to the Database Integration Library
We have upgraded the libraries used for integrating with MySQL when used within the Event Notifications. We now support MySQL versions 5.6, 5.7, and 8.0.
If you are using the integration into MySQL, please ensure that you are using one of the supported versions.
- Released Container inspection as a beta.
Container inspection allows you to check for vulnerabilities in the containers themselves. It works by connecting to the private registry, downloading all the containers and analysing them. This is currently available as an invitation-only beta. If you want to be considered for the beta, please ask your sales representative for access.
- Added support for tags on images in Docker scans.
- Added a top 10 trending global vulnerabilities list based on the Farsight risk score to the dashboard as a proof of concept (note: a Farsight license is not required to see this list). The Dashboard is currently considered beta. If you would like to be considered for the beta, please ask your sales representative for access.
- Improved CWE classifications and relationships to OWASP, WASC, CAPEC and SANS-25.
- (BETA) Added the ability to create new dashboards. To gain access to the dashboard, please speak to your sales representative or raise a support ticket in the first instance.
- (BETA) Added the ability to add new dashboard cards such as fixed findings, findings by CVSS, findings by source etc. More 'cards' will be added in the future.
- (BETA) Added the ability to filter on static findings in the dashboard.
- Implemented a new encryption service to improve performance on encryption tasks. This service introduces two new API endpoints (see below).
- Added a new warning message for verify scans with regard to accuracy.
- Added support for Debian.
- Added support for Fedora.
- Introduced two new API endpoints to support the new encryption service.
Bug Fixes and Minor Improvements
- Improved detection of AWS regions such as China and GovCloud East & West.
- Fixed a bug in scheduled reports that would prevent the generate button from being presented.
- Fixed an issue in Cloudsec causing impacts, notes and references to be displayed despite being empty.
- Fixed a bug in the scheduled reports date picker preventing OK and cancel being presented on screen without scrolling.
- Fixed an issue with docker scans not completing and not reporting as failed.
- Fixed an issue with Exported SWAT reports that caused the 'Script-ID' to be incorrectly displayed in the report.
- Fixed an issue with Cloudsec Inspect that prevented the ability to delete a Cloudsec configuration if the associated credentials were removed beforehand.
- Fixed an issue that was resulting in duplicate findings being reported instead of deduping them.
- Fixed an issue that, in rare circumstances, could cause an out of memory error when scanning SMB ports.
- Fixed a bug that caused the scan engine to always scan SMB 445 even if it was not available.
- Fixed a bug that was preventing discovery scans completing successfully.
- Fixed a bug tied to the discovery scan issue, that was preventing reports from being generated.
- Fixed a bug that was preventing the Windows Agent generating a valid GUID in certain circumstances.
- Fixed a bug preventing a HIAB schedule from talking to a HIAB Scanner under specific enrollment conditions.
- Fixed an issue preventing findings appearing in reports when the maintenance plan is enabled on HIAB.
- Fixed an issue preventing findings being available when applying filters on target groups.
- Fixed an issue resulting in findings being displayed twice under certain circumstances.
- Fixed an issue requiring a distinguished name when fetching LDAP groups.
- Made improvements to service enumeration.
- Made improvements to authenticated user enumeration.
- Added detection for Adobe Bridge.
- Added detection for Arista EOS.
- Added detection for Guacamole client.
- Docker scans will not have potential False Positives filtered out.
- Fixed an issue where Consumption stats were not updating for MSSPs.
- Fixed an issue with Splunk integration sending XML not JSON.
- Fixed an issue preventing the vulnerability database rules date from being displayed in reports.
- Fixed a bug with reporting where filtering on targets by scanner column could cause an error.
- Fixed a bug that prevented report templates being saved when using certain custom attributes.
- Fixed an issue that caused the managed targets view and reporting tool to show different results when filtering with "Quotation marks".
- Fixed an issue with target management that caused incorrect, or no, results to be shown when filtering on an IP address where a previous report existed.
- Fixed a bug that prevented the CVSS V3 Severity Column from being included in the excel detailed report.
- Fixed a bug that caused all findings to be set to "information" risk level when exporting findings with CVSS score 0.0 and risk level Low/Medium/High and then importing the report.
- Fixed an issue that prevented discovery findings from being displayed if a filter existed in the target grid.
- Fixed a rare issue that could cause a HIAB to be unable to scan due to state.
- Improved detection for the Citrix NetScaler: Arbitrary Code Execution Vulnerability.
- Improved scan scheduling for agents when added to existing groups.
- Improved error handling when specific modules with no results are encountered.
- Improved registry output from agent during Scan.
- Fixed a bug causing the agent to assume the Administrator account was always 'Administrator'.
- Fixed a bug causing an incorrect call home frequency to be displayed when viewing agents in list mode.
- Removed some options from agent target that were not applicable.
- Fixed a bug causing error messages when attempting to edit the agent host.
- Fixed a bug preventing the correct GUID being created for some agent deployments.
- Fixed a bug that, under specific circumstances, could cause a database lock.
- Added --version flag to agents to get the version.
- Improved findings to more closely match those from an authenticated scan.
- Agents now have the ability to renew their certificates if necessary.
- Set the minimum call home frequency to 60 minutes.
- Implemented signing of .msi install.
- Updated the Test Tracking finding to indicate an Agent or Docker scan.
- Fixed an issue where Agents would only call home when first enrolled.
- Fixed an issue where Agents may cause regular Windows Event Log messages.
- Fixed an issue where four empty SMB related findings were shown on every scan.
- Fixed a bug preventing the Thycotic integration working correctly in some instances.
- Fixed a bug with the ServiceNow module causing errors with basic authentication under certain conditions.
- Fixed a bug preventing the API taking into consideration port redirects on a HIAB when building URL redirects.
- Fixed a bug that would cause a logout from Outscan when API calls have a session timeout defined.
MSSP OUTSCAN Platform
- Fixed a bug preventing MSSP agents from managing terms templates and terms for subscriptions offered.
- Fixed a bug preventing consumption statistics from being updated correctly.
End of Life Announcement
Elastic Workload Protector (EWP)
- Official End of Life date: 31st September 2020
- Official End of Support date: 31st December 2020